|
 |
86e75a |
From 5917dbd8f38bab29de9e40d1135b0e9e85cb91bc Mon Sep 17 00:00:00 2001
|
|
|
86e75a |
From: Lee Yarwood <lyarwood@redhat.com>
|
|
|
86e75a |
Date: Tue, 7 Jul 2015 14:54:49 +0100
|
|
|
86e75a |
Subject: [PATCH] [openstack_neutron] Obscure passwords and secrets
|
|
|
86e75a |
|
|
|
86e75a |
The following passwords and secrets are now obscured :
|
|
|
86e75a |
|
|
|
86e75a |
- rabbit_password
|
|
|
86e75a |
- qpid_password
|
|
|
86e75a |
- nova_admin_password
|
|
|
86e75a |
- xenapi_connection_password
|
|
|
86e75a |
- password
|
|
|
86e75a |
- connection
|
|
|
86e75a |
- admin_password
|
|
|
86e75a |
- metadata_proxy_shared_secret
|
|
|
86e75a |
- qpid_password
|
|
|
86e75a |
- eapi_password
|
|
|
86e75a |
- crd_password
|
|
|
86e75a |
- primary_l3_host_password
|
|
|
86e75a |
- serverauth
|
|
|
86e75a |
- ucsm_password
|
|
|
86e75a |
- ha_vrrp_auth_password
|
|
|
86e75a |
- ssl_key_password
|
|
|
86e75a |
- vcenter_password
|
|
|
86e75a |
- edge_appliance_password
|
|
|
86e75a |
- tenant_admin_password
|
|
|
86e75a |
- apic_password
|
|
|
86e75a |
|
|
|
86e75a |
Fixes #594
|
|
|
86e75a |
|
|
|
86e75a |
Signed-off-by: Lee Yarwood <lyarwood@redhat.com>
|
|
|
86e75a |
---
|
|
|
86e75a |
sos/plugins/openstack_neutron.py | 16 ++++++++++++++++
|
|
|
86e75a |
1 file changed, 16 insertions(+)
|
|
|
86e75a |
|
|
|
86e75a |
diff --git a/sos/plugins/openstack_neutron.py b/sos/plugins/openstack_neutron.py
|
|
|
86e75a |
index 36de7cc..ab895c8 100644
|
|
|
86e75a |
--- a/sos/plugins/openstack_neutron.py
|
|
|
86e75a |
+++ b/sos/plugins/openstack_neutron.py
|
|
|
86e75a |
@@ -14,6 +14,7 @@
|
|
|
86e75a |
# along with this program; if not, write to the Free Software
|
|
|
86e75a |
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
86e75a |
|
|
|
86e75a |
+import glob
|
|
|
86e75a |
import os
|
|
|
86e75a |
import re
|
|
|
86e75a |
|
|
|
86e75a |
@@ -50,6 +51,21 @@ class Neutron(Plugin):
|
|
|
86e75a |
|
|
|
86e75a |
self.netns_dumps()
|
|
|
86e75a |
|
|
|
86e75a |
+ def postproc(self):
|
|
|
86e75a |
+ protect_keys = [
|
|
|
86e75a |
+ "rabbit_password", "qpid_password", "nova_admin_password",
|
|
|
86e75a |
+ "xenapi_connection_password", "password", "connection",
|
|
|
86e75a |
+ "admin_password", "metadata_proxy_shared_secret", "qpid_password",
|
|
|
86e75a |
+ "eapi_password", "crd_password", "primary_l3_host_password",
|
|
|
86e75a |
+ "serverauth", "ucsm_password", "ha_vrrp_auth_password",
|
|
|
86e75a |
+ "ssl_key_password", "nsx_password", "vcenter_password",
|
|
|
86e75a |
+ "edge_appliance_password", "tenant_admin_password", "apic_password"
|
|
|
86e75a |
+ ]
|
|
|
86e75a |
+ regexp = r"((?m)^\s*#*(%s)\s*=\s*)(.*)" % "|".join(protect_keys)
|
|
|
86e75a |
+
|
|
|
86e75a |
+ for config_file in glob.glob("/etc/%s/*" % self.component_name):
|
|
|
86e75a |
+ self.do_file_sub(config_file, regexp, r"\1*********")
|
|
|
86e75a |
+
|
|
|
86e75a |
def netns_dumps(self):
|
|
|
86e75a |
# It would've been beautiful if we could get parts of the networking
|
|
|
86e75a |
# plugin to run in different namespaces. There are a couple of options
|
|
|
86e75a |
--
|
|
|
86e75a |
1.8.3.1
|
|
|
86e75a |
|